Searching for results...

No results

Your search did not match anything from Mirantis documentation.
Check your spelling or try different keywords.

An error occurred

An error occurred while using the search.
Try your search again or contact us to let us know about it.

Newer documentation is now live.You are currently reading an older version.

Define a custom CA certificate for a private Docker registry

This section instructs you on how to define a custom CA certificate for Docker registry connections on your management or MOSK cluster using the MOSK management console or CLI.

Caution

A Docker registry that is being used by a cluster cannot be deleted.

Define a custom CA certificate for a Docker registry using CLI

  1. Create a ContainerRegistry resource(s) with the required registry domain and CA certificate. For details, see ContainerRegistry resource.

  2. In the providerSpec section of the Cluster object, set the containerRegistries field with the names list of created ContainerRegistry resource objects:

    kubectl patch cluster -n <clusterProjectName> <clusterName> --type merge -p '{"spec":{"providerSpec":{"value":{"containerRegistries":["<containerRegistryName>"]}}}}'

  3. Strongly recommended. Back up MKE as described in Mirantis Kubernetes Engine documentation: Back up MKE.

    Since the procedure above modifies the cluster configuration, a fresh backup is required to restore the cluster in case further reconfigurations fail.

Define a custom CA certificate for a Docker registry using web UI

  1. Log in to the MOSK management console with the m:kaas:namespace@operator or m:kaas:namespace@writer permissions.

  2. In the Container Registries tab, click Add Container Registry.

  3. In the Add new Container Registry window, define the following parameters:

    • Container Registry Name

      Name of the Docker registry to select during cluster creation or post-deployment configuration.

    • Domain

      Host name and optional port of the registry. For example, demohost:5000.

    • CA Certificate

      SSL CA certificate of the registry to upload or insert in plain text.

  4. Click Create.

  5. Strongly recommended. Back up MKE as described in Mirantis Kubernetes Engine documentation: Back up MKE.

    Since the procedure above modifies the cluster configuration, a fresh backup is required to restore the cluster in case further reconfigurations fail.

You can add the created Docker registry configuration to a new or existing MOSK cluster as well as to an existing management cluster:

  • For a new MOSK cluster, in the Create new cluster wizard, select the required registry name from the drop-down menu of the Container Registry option. For details on a new cluster creation, see Create a MOSK cluster.

  • For an existing cluster of any type, in the More menu of the cluster, select the required registry name from the drop-down menu of the Configure cluster > General Settings > Container Registry option. For details on an existing MOSK cluster configuration, see Change a cluster configuration.